[ReleaseCandidat]

Each Elf executable can have its own "interpreter" (loader, which as default is `ld-linux. so`), so without calling the configured interpreter ldd can't know about the dependencies of such "special" executables. And the configured interpreter can be any program, AFAIK there are no limititations in the ELF format.

[quotemstr]

Yes, but in the vast majority of cases the interpreter is ld-linux.so (or the Buonic/Musl equivalent) and a safe binary inspection tool can know for sure what that interpreter will do. It's okay for that tool to say "I don't know" 0.0001% of the time.

[ReleaseCandidat]

It wasn't meant as an argument against not loading the interpreter, but an explanation why it is "normal" - but if course insecure - behavior for ldd to execute the configured interpreter.

[therein]

I wonder what happens if it specifies itself as the interpreter.

[rep_lodsb]

Tried it, seems to crash immediately:

    $ strace ./true
    execve("./true", ["./true"], 0x7ffc9993be20 /* 40 vars */) = 0
    --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} ---
    +++ killed by SIGSEGV +++

(hexedited copy of /bin/true; something different might happen with a specially crafted file which has no other data in it besides the name of the interpreter?)